It's not dead yet: Microsoft's out-of-band IE6 fix impacts IE8


Last month, Microsoft sent flowers to a mock funeral for Internet Explorer 6, in a show of support for the ideal that the old browser should be declared defunct worldwide. But for a few years yet, the company is still bound to support the product for those users (generally businesses) who refuse to upgrade it. That's why new exploits that continue to target old browsers, such as IE6 and IE7, continue to get attention even a full year after the proper security fix -- IE8 -- has been deployed.

One of the libraries that, among other functions, helps IE to print is the target of an exploit released to the wild earlier this month. The exploit creatively overloads the system with JavaScript variables, then places function calls to IEPEERS.DLL. Once the library is effectively crashed, its used memory isn't cleaned up, enabling binary code seeded into that memory to be executed -- a classic use-after-free scenario.


MPEG LA wins major MPEG-2 settlement from Alcatel-Lucent


Could the manufacturers of DVD players (no, not just Blu-ray, but the original DVDs) owe back royalties to Alcatel-Lucent for the use of patented technology by way of the MPEG-2 codec? The MPEG Licensing Authority had asserted that Alcatel may have structured its 2006 merger with Lucent in such a way that it could hide up to five patents in a special trust, and spring their overdue royalties on the video industry long after DVDs already began the march to obsolescence.

That assertion was being made in a Delaware courtroom earlier this month, in a trial pertaining to a lawsuit filed by the MPEG Licensing Authority back in 2007. Today, MPEG LA -- which also collects royalties for the use of MPEG-2 -- announced a settlement in the case, essentially amounting to a complete defeat for Alcatel-Lucent.


The explosion of non-Flash devices is driving HTML 5 growth, Brightcove says


Video sharing site Brightcove is using the impending launch of the Apple iPad as a platform to talk up its support for HTML 5, the updated spec for the Web's core markup language which brings rich functionality to sites (such as video) without the need for third-party plug-ins like Adobe's Flash or Microsoft's Silverlight.

Earlier this year, Brightcove's bigger competitors YouTube and Vimeo announced they were experimenting with HTML 5, but both warned that not everyone would be able to see videos unless they had a compatible browser. Vimeo, for example, said 90% of its videos would work in HTML 5-compatible browsers, but only 20% of viewers would be using one.


One less news app: Did BBC's iPad support threaten the EU's 'Digital Agenda?'


Either the news media is convinced that Apple's forthcoming iPad is the vehicle for delivering news publishing out of its funk, or it's convinced that Apple is conspiring to circumvent the natural course of news with its own walled garden platform. In any event, in the portion of the universe where the two parties are evidently not in bed with one another, the BBC reports that it has been forced to indefinitely postpone the rollout of its iPhone/iPod touch/iPad newsreader app, after the EU's trade group for newspapers complained it could pre-empt their plans to migrate online.

Today, the BBC Trust, which sets policy for the Corporation and serves as its board of directors, put a hold on next month's planned release of the BBC news reader, which would have been distributed for free. The BBC is sustained by UK citizens who pay regular license fees, so on paper, the reason for the delay is to determine whether free distribution of the app goes against its mandate.

But BBC News didn't muzzle its own impression of the Trust's intent. In its report this afternoon, it noted the Trust's citation of "representations from industry" as contributing to its postponement decision.


Apple rolls out Snow Leopard update (10.6.3)


It's been about five months since Apple put out the Mac OS X 10.6.2 update, which fixed a potentially damaging guest account bug that could delete a user's account data if another user logged in and out of a guest account on a Snow Leopard machine.

Today, the company rolled out its next update to the operating system, which has reportedly been in beta since late December. The update includes more than 70 security fixes and 49 general improvements to Snow Leopard, including fixes for Mail, MobileMe, and AirPort. The full release notes are here.


Let's keep the iPad in proper perspective


Can you vehemently disagree with a colleague and still respect him? Despite the often passionate claims of our readers and commenters, who may have forgotten the era of Siskel & Ebert, I believe you can.

I'm as much a fan of a vigorous debate as anyone else. In my previous column last Thursday, Enough with the Apple bashing!, I apparently stepped on the baby toe of fellow Betanews contributor, Joe Wilcox. As scathing as his response -- entitled Of course media bias favors Apple -- was, I assure you I've got pretty thick skin.


We asked: Did you buy iPad -- and you answered!


The iPad cometh this Saturday to an Apple Store near you -- or in a pretty box delivered to your door. No doubt, this week the rumor mill will again run wild about what to expect. I've been wondering about rights usage for ebooks. Can Apple do better than Amazon or Barnes & Noble? That answer is best for a blog post, but not this one.

My March 21 post "Be smart, don't buy into iPad hype" was 98 percent about blogger, news media and Wall Street bias favoring Apple. I ended the post "by conducting an informal survey, asking simply: Did you buy an iPad?" Nearly all the comments answered that question, rather than address the post's main topic. That's perhaps commentary on the topic, my writing, interest in iPad -- or all three! I've grabbed a sampling of the best comments about preordering iPad. With that introduction, here are your answers to the question: Did you buy an iPad?


Adobe tweaks the Web apps business model with paid collaboration

An Acrobat.com workspace being shared.  [Screenshot courtesy Adobe]

The puzzle for software companies as they adopt Web services is how to make them profitable. Anyone who tries the ad-supported model 1) plays against Google on its home turf; 2) risks working against application efficiency; 3) could raise the ire of users. And anyone who tries offering subscription to storage space 1) could easily be outdone by the first vendor to give away all its space for free; 2) faces an uphill value proposition against cheap local storage, and free synchronization such as Windows Live Sync solving the mobility problem.

Over the past several months, we've seen Adobe playing up collaboration as a key feature of its Acrobat.com service, even over portability -- the element that's most often associated with Adobe. Today, we have confirmation as to why: Inaugurating a potentially lucrative subscription strategy, Adobe hopes consumers will be willing to use Web apps such as Buzzword for free, while paying monthly for the capability to share documents.


With three months to go to DNSSEC, someone's fudging root zone records


One of the extraordinary truths about the Internet as a mechanism is that the databases that enable every IP address to be resolved are maintained and published by a very small number of organizations acting as a cooperative. The health of the entire network depends on these groups' vigilance. One of these groups is Autonomica AB, a division of the Swedish ISP Netnod. It operates the "I" root server, which in recent weeks has been the apparent victim of a kind of spoofing attack that's been harmless thus far, but could conceivably demonstrate the capability of one rogue element to pollute the entire Internet.

Thanks to the current state of affairs, some are now suspecting a China-based culprit. But as we all know with the Internet, just because a malicious server resides in one country doesn't mean its malicious operator works there as well.


Safari WebKit beta closing the gap against Chrome 4, Opera a very close second


In the latest check of progress in the development of the major Web browsers for Windows, the brand that helped Betanews launch its regular browser performance tests appears to be making a comeback effort: With each new daily build, the WebKit browser engine -- running in Apple's Safari 4.0.5 chassis -- gains computational speed that it was sorely lacking.

Safari already leads Google Chrome in the rendering department, and posts scalability scores comparable to Opera 10.51, in Betanews' Windows 7 Relative Performance Index suite. In this morning's round of tests using WebKit daily build 56417 on Windows 7, Safari scored a very respectable 20.27, coming up just behind the latest stable Chrome 4.1 at 21.22.


Of course media bias favors Apple


I have three questions for my Betanews writing colleague Carmi Levy: Do you own a Mac or iPhone? Do you invest in Apple? Did you preorder iPad or plan to buy one next week? For fair disclosure, I am writing this post on a 13-inch MacBook Pro (running Snow Leopard). I don't own an iPhone (anymore) and I have never invested in Apple (I own no stock whatsoever; I'll die poorer by my no-conflict-of-interest principles). I ask these questions because he writes: "To set the record straight, from where I sit, the media are not biased toward Apple."

Carmi Levy made that -- and many other shocking statements -- in a late Thursday post: "Enough with the Apple bashing!" Eh, what Apple bashing? In my Sunday post, "Be smart, don't buy into the iPad hype," I gave clear examples of how bloggers, reporters and Wall Street analysts are biased in favor of Apple. My colleague offers no evidence, just innuendo, to support the claim that a "backlash against Apple increases to compensate" for Apple succeeding "where others have failed."


GAO: More security training leads to less compliance, including Los Alamos, NASA

Liftoff of Space Shuttle STS-130, perhaps the final nighttime liftoff in the shuttle program's history.  [Courtesy: NASA]

A US Government Accounting Office report released yesterday (PDF available here) reveals an astonishing and counter-intuitive trend: Government agencies' compliance with directives intended to improve information security has declined in inverse proportion to the amount of training they receive.

In a report to the House Government Management Subcommittee yesterday, the GAO cited increased awareness of the provisions of the Federal Information Security Management Act (FISMA), due to increased awareness training among the 24 federal agencies tested: 91% of employees in those agencies received testing in fiscal 2009, up 3% from the previous year. But specifically in light of increased exposure to the Gumblar Trojan and the Conficker worm, at least 17 of those agencies were reported to have enacted deficient responses to these increasing threats, including essentially assigning the entire job of security to just one person -- against FISMA's mandate.


Swype and T9 Trace are on a collision course


You may not know the name Nuance Communications, but you can bet you've used this company's products. It deals with linguistic solutions in the health care, enterprise, and the consumer mobile spaces. If you were to know the company for anything, though, you'd probably know Nuance as the company that owns T9 text completion, which ships on 85% of all mobile phones.

You may also not know the name Cliff Kushler, but he was one of the inventors of T9 at Tegic Communications. He went on from there to launch the company Swype after Nuance acquired Tegic in 2007.


Enough with the Apple bashing!


As the hype machine for iPad availability revs up into overdrive (and, in some cases, tacks on afterburners), in a desperate effort to restore balance to the universe -- or, in some people's lives, what passes for a universe -- backlash against Apple increases to compensate. I'm thinking it's getting more than a little ridiculous to demonize a company because it's managed to succeed where others have failed.

I'm thinking it's time to stop the silliness.


Has SSL become pointless? Researchers suspect state-sponsored CA forgery

A change of country warning provided by Certlock, a forthcoming Firefox add-on.

The most powerful deterrent against the use of man-in-the-middle attacks against SSL/TLS-encrypted connections may be how much easier it may be to simply attack from the endpoint. Certainly "man-in-the-middle" sounds more sophisticated, and as a pair of well-known academic researchers are preparing to report, the phrase has actually become a "starburst" marketing point for the sale of digital surveillance equipment to government agencies.

But perhaps the most serious defect in the SSL system, allege Indiana University graduate student Christopher Soghoian and Mozilla security contributor Sid Stamm, lies in the ability of government agencies (or individuals acting in the name of government agencies) to acquire false intermediate certificates for SSL encrypted trust connections. Those certificates could enable them to, in turn, sign and authenticate Web site SSL certificates that purport to be legitimate collectors of personal information, such as banks.
